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ENGINEERING PROTOTYPE DEVELOPMENT FOR POWER MANAGEMENT AND CONTROL 


A comprehensive automation design is being developed for Space 
Station Freedom's electric power system. A joint effort between 
NASA's Office of Aeronautics and Exploration Technology and NASA's 
Office of Space Station -Freedom, it strives to increase station 
productivity by applying expert systems and conventional algorithms 
to automate power system operation. The initial station operation 
will use ground-based dispatchers to perform the necessary command 
and control tasks. These tasks constitute planning and decision- 
making activities that strive to eliminate unplanned outages. We 
perceive an opportunity to help these dispatchers make fast and 
consistent on-line decisions by automating three key tasks: failure 
detection and diagnosis, resource scheduling, and security 
analysis. Expert systems will be used for the diagnostics and for 
the security analysis; conventional algorithms will be used for the 
resource scheduling. 

To demonstrate the benefits of automating these tasks we plan to 
operate the Space Station Freedom Power Test-Bed using our 
prototype automation technology in our Engineering Support Center 
(a mission control type of environment) . In addition, we plan to 
demonstrate cooperative problem solving between this test-bed and 
the Common Module Power Distribution Test-Bed located at the 
Marshall Space Flight Center. These latter demonstrations will 
investigate using expert systems that cooperate to diagnose 
failures whose effects propagate across system boundaries and that 
cooperate to recover and restore the performance lost through such 
failures . 
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CONTROLLING SPACE POWER SYSTEMS 


Many similarities between the space station's power system and 
terrestrial power utilities are apparent. Both systems incorporate 
generation, storage (usually a pumped water reservoir for the 
terrestrial — batteries for us) , transmission lines, circuit 
breakers, and power consumers. Both systems rely heavily on human 
decision-making for safe, economic operation. But, the strategy 
that controls the operation of the two systems is fundamentally 
different. This difference arises at the power supply. 

In terrestrial utilities, ample generation is usually available for 
the demanded loading; when it is not, power is purchased from the 
grid. The control strategy is to modulate generation capacity to 
match the demand's changes. Any shortage is covered by interchange 
with the grid. Every effort is made to meet the load demands by 
managing the injection of power into the transmission network. 
Controlling the loads themselves is reserved for extreme failures 
when there is no acceptable alternative. 

The space station's power system has no tie-line to a neighboring 
utility. Generation cannot be modulated to accommodate demand as in 
electric utility companies. The power aboard the spacecraft is 
produced by the solar energy conversion systems which are 
controlled to maximize energy production. With solar power systems 
producing only about 7 watts of power for every kilogram of 
equipment, Space Station Freedom will never grow to be a power rich 
environment. This makes space power an expensive, limited resource 
to be judiciously allocated among the on-board users to maximize 
payload productivity. Energy utilization is controlled by adding 
and deleting loads from the system. This requires that the load 
demand be as determinate as possible so that each watt can be 
allocated. Although this procedure maximizes payload productivity, 
it generates an extremely difficult scheduling problem aboard 
complex spacecraft such as Space Station Freedom. 

The goal of building a Space Station as an infrastructure for space 
research complicates the scheduling problems even further. 
Previous spacecraft have been dedicated to specific pre-determined 
experiments whose schedules are maximized before flight. A 
research environment requires the flexibility to generate detailed 
schedules throughout a thirty year span. Space Station Freedom must 
provide just such an environment and reap the concomitant 
development challenges. 
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WHY ADVANCED DEVELOPMENT? 


The Space Station prime program has many difficult problems to 
solve. The electric power system itself has endured the 
complications of a major component change from 20 kHz AC 
distribution to DC generation and distribution. Added to these 
problems are the more recent restructuring activities which 
emphasize ground control instead of flight control. All of these 
factors distract the prime program from addressing productivity. 
Overall, the major design objectives for SSF' s electric power 
system are to build a fail-safe system, to operate within 
tolerances that provide the required amount of energy, and to 
create a power system that will be productive. The prime program 
must first focus on the safety and capacity objectives that create 
a working, robust flight power system. Unfortunately, the 
productivity issues do not receive the same attention. The 
advanced development program has the luxury of avoiding the direct 
developmental issues and can spend its resources on identifying and 
building products that will work with the flight power system to 
augment its capabilities and enhance its productivity for the long 
term . 
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MAJOR OBJECTIVE: MAXIMIZE PRODUCTIVITY 


Our major objective is the maximization of productivity which 
manifests itself as efficient and effective operation of the Space 
Station. To accomplish this we consider two subobjectives of 
productivity: maximization of resource availability and 
minimization cf operating costs. Maximization of power 
availability combines a maximization of usage and a minimization of 
restoration time. To maximize usage we consider load scheduling to 
be our primary strategy. With it we plan to devise a flexible tool 
which will be able to automatically schedule this scarce resource 
throughout the envelope of changing operational configurations. To 
minimize restoration time we are developing several diagnostic 
tools to investigate the merits of different approaches to 
determine failure causes. With strong diagnostic aids at hand, an 
operator will improve his abilities to respond to anomalies, 
whether he is ground-based or a member of the crew. To further 
augment the abilities of the operator we are developing replanning 
tools which will recommend possible remedial options after a fault 
has occurred or if a potential problem is brewing. Minimizing 
operating costs combines operating the power system as close to 
nominal as possible and minimizing the amount of involvement of the 
operator. Nominal operations may be traded for performance, 
especially in emergency situations involving crew. The major 
component of the power system that involves costly maintenance is 
the batteries. Optimizing battery usage will increase battery life 
and reduce the expenses involved in removal and installation of new 
batteries. Operators, whether ground based or flight crew, have 
significant duties to perform. We can minimize their involvement 
in routine power system operations by providing expert system 
consultation during reconfiguration and replanning. 
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POWER MANAGEMENT AND CONTROL AUTOMATION 


In the fall of 1990, Congress mandated an eight billion dollar 
budget reduction for the Space Station Freedom Program. To meet 
this reduction, NASA has reduced the scope of the Space Station's 
objectives. One of the strategies was to move automation from 
aboard the space station to the ground control center. This new 
baseline design places the ground-based flight controllers as the 
principal decision-makers in the moment-to-moment operations. To 
make quality decisions, these flight controllers must have an 
acumen sharpened through years of experience. We believe that 
expert systems can capture much of this knowledge and help the 
flight controllers to make faster and more consistent decisions by 
reducing their cognitive workloads. 
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POWER CONTROL CENTER CONCEPT 


Our concept for ground-based control focuses on partitioning the 
control decisions for the electric power system into four decision- 
making entities. The first, the flight support system, is 
responsible for issuing the commands to the electric power system 
aboard the space station. It monitors the system's status and 
prompts the flight controller for appropriate responses. This is 
the fastest responding control system. When addressing failure 
events, this system must detect the failure and isolate affected 
systems so chat the station's integrity is not jeopardized. In 
addition, the corresponding flight rules must be executed to 
minimize system degradation. Three other systems are used to aid 
the command and control activities of the flight support system. 
These systems are slower to respond than the flight support system 
and perform detailed event analyses (diagnosis and security 
analysis) and operations planning (scheduling) . The diagnosis 
system uses available telemetry data to determine the most likely 
cause of a failure. The security analysis system conducts 
contingency ("What if...?") analyses to determine the risk of 
continued operation. The results of these event analyses alter the 
operating constraints and mission objectives which in turn require 
a revised operating plan. The scheduling system provides this plan 
by allocating resources according to the constraints identified by 
the event, analysis systems. Human operators coordinate the 
exchange of information among these four systems. 
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PRODUCTION SYSTEMS FOR DIAGNOSIS 


The diagnostic system is an expert system that uses set-covering 
rather than a series of if-then rules to encode the failure 
knowledge. In this software, a data base linking all known system 
failures to their known symptoms is built and searched to generate 
the failure cause hypotheses for observed symptoms. Antecedent 
driven rules control hypothesis generation and determine the most 
likely cause. Nonmonatonic inference is implemented using reasoned 
assumptions and rule conflicts are identified and resolved using 
Petri net transitions. The failure knowledge, however, is stored 
as data and is easily maintained. This diagnostic system uses a 
standard reliability analysis tool — the failure modes and effects 
analysis — to produce the symptom and failure data base. Symptoms 
are detected using rule-based classifiers which process the 
telemetered measurements. 
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SECURITY ANALYSIS 


System security analysis is a risk assessment. It examines the 
liabilities of continued operation by identifying contingencies and 
estimating their consequences. The contingencies are either sudden 
disturbances or gradual performance degradations that could lead to 
overloads, voltage degradation, source shutdown, or load shedding. 
If the risk of continued operation is judged acceptable, the system 
is classified "secure" and system operation proceeds according to 
the current plan. If there are risky contingencies, the system is 
judged "insecure" and preventive control strategies are 
recommended . 

Three distinct activities are required to analyze system security: 

1. Generate and test contingencies: Worrisome failures that are 
present under all operating conditions as well as operating-state 
dependent failures such as transmission outages are compiled and 
submitted for analysis. The analysis calculates the operating 
margins for each cf these failures. 

2. Project c rends: Incipient failures such as gradual degradation 
in battery storage capacity or inconsistencies between proposed 
consumption and production are detected by specialized software. 
The anomalies are forecasted and added to the list of contingencies 
to be analyzed at that time. 

3. Judge security: A "system"- is secure if there are no 
contingencies that result in an emergency state. If the operating 
margins calculated in the analysis are insufficient, the system is 
judged "insecure" and control actions are recommended that will 
attain an acceptable operating risk. 
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NIH2 BATTERY HEALTH MONITORING SYSTEM 

A significant part of the security analysis problem is monitoring 
the health of the battery system and projecting any loss of 
capability. A battery health monitoring system is being developed 
that detects anomalies in the batteries, provides problem 
diagnosis, and projects expected life estimates. This system uses 
a combination of analytic models and tabulated aging 
characteristics to identify incipient failures. Three trends are 
maintained: short-term, medium-term, and long-term. 

The short-term trend data (3 orbits) address battery current and 
voltage, ceil pressure and temperature, and depth of discharge. 
The data are smoothed. Trends are identified and compared with 
results from an empirical analytic model of the battery. Deviations 
are used no detect events such as sensor failure, cell short 
circuit, and cell rupture. 

Medium-term (100 orbits) and long-term (3000 orbits) data address 
cell pressures and voltages at the end of the charging period and 
at the end of the discharging period, recharging ratio, Watt-hour 
efficiency, depth of discharge, and cell temperatures. These data 
are smoothed and trends are identified and compared with the 
batteries' expected aging characteristics. The comparisons detect 
the anomalies that develop over many orbits such as: cell soft 
short, slow cell leak, high internal resistance, internal 
corrosion, excessive overcharge, abnormally high operating 
temperature, and gradual loss of charge carrying capacity. 

The system displays these health trends and alerts the system 
operator should there be any deviations from the expected. 
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SYSTEM MANAGEMENT AND SPACE STATION FREEDOM AUTOMATION 


One of the key concepts in our automation scheme parallels the 
systems management approach to project management and design. This 
approach is utilized in our scheduling tool by incorporating a two- 
level hierarchy for distributing the computational requirements and 
the regions of responsibility. The hierarchical design resembles 
the manager and subordinate with respect to their roles and 
responsibilities. This system is based on the concept of 
participative management where the manager describes the work to be 
done and then leaves the subordinate alone while the work 
progresses. Communication between the levels is minimized. 
Detailed information resides with the person who will be using it. 
In this fashion we build a computer system that can be distributed 
across different machines reducing computational overload and 
minimizing data passing. 

Along with distributing our scheduling process, we are defining an 
explicit value system to be used in evaluating the proposed 
schedules. Maintaining the separation of responsibility each 
subordinate system will maintain and define its value for a 
specific schedule which can be interpreted on the higher level. 
Each subsystem will maintain its own system integrity and evaluate 
schedules with respect to its own system level constraints. These 
evaluations will be passed up to the higher level where they will 
be interpreted within the context of the entire system rather than 
the local point of view. 



SPACE STATION FREEDOM 
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FREE MARKET ECONOMY MODEL FOR SCHEDULING RESOURCES 

Using the systems management approach we have developed a value- 
driven distributed scheduler that models a free market economy. 
This scheduling technique is based upon three agents, resource 
suppliers, resource consumers and an overall market coordinator. 
The resource suppliers are the various subsystems on the Space 
Station. They maintain their local systems and evaluate proposed 
schedules based upon usage of their resource. Consumers are the 
payloads and various housekeeping tasks aboard the Space Station. 
Each consumer describes the various options for each desired 
activity along with defining a specific numeric value for each of 
these options. The schedule is determined by setting initial 
prices for each resource throughout the scheduling horizon which 
are sent to each of the consumers. The consumers evaluate how much 
each of their options would cost and choose the one with the 
highest net. benefit where net benefit is the difference between the 
value of the option minus the cost of the resources used. The 
selected options are aggregated by the market coordinator who sends 
the appropriate total usage profile to the resource supplier. Each 
supplier looks at the proposed schedule of usage and compares it to 
what he knows he can supply throughout the orbit. He will then 
send a set cf price adjustments to the market coordinator to drive 
usage to his specific abilities. His goal is to maximize usage of 
his resource, operating neither in a deficit nor in a surplus 
condition. The market coordinator continues this iterative process 
until the prices converge and the schedule options are stable. 

One of the benefits of this approach is that the explicit value 
system can be used to identify how good the proposed schedule is 
before the solution has converged. Consumers and suppliers define 
utility functions that are used to evaluate the proposed operating 
condition generated by each proposed schedule. The utility 
functions are sent to the market coordinator who can evaluate the 
entire state cf the Space Station operation and decide whether or 
not to continue iterating. Scheduling needs to be responsive to 
different operating states of the Space Station. Some schedules 
will be routine, others will be emergency schedules needed very 
quickly to return to a sensible operating condition. Using 
explicit values and utility functions allows us the flexibility to 
provide for many different operational scenarios. 
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POWER CONTROL CENTER CONCEPT - REVISITED 


To revisit the motives behind our program, we have responded to the 
Space Station restructuring effort by focussing our products as 
ground-based tools for operators. We see the use of our 
intelligent decision-making aids as improving the overall Station 
productivity by enabling decisions to be made faster and more 
accurately . 

We have been investigating the Engineering Support Center at LeRC 
as our potential site for the power control center. Using the ESC 
we will be able to communicate directly to the LeRC Power 
Management testbed, as well as receive actual telemetry when 
appropriate. In this environment we will also be able to link to 
the MSEC payload operations center and exchange data necessary to 
diagnose and recover from power system failures that propagate from 
the primary system into the secondary. 
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LERC COLLABORATION 


Development of different expert systems for the power system on 
board the Space Station has been a direct response to the 
programmatic partitioning of the primary power system generation 
and storage and distribution from the secondary power distribution 
network. This partitioning has provided a manageable subset of the 
system for each of the developers. However, certain failures will 
propagate across these system boundaries and it is necessary to 
begin investigation of these effects. 

A data link between testbeds at NASA-LeRC and NASA-MSFC has 
provided information to begin these investigations. This link has 
been used tc demonstrate cooperating expert systems during this 
past year. The demonstration addressed a power generation failure 
that required the secondary system to perform intelligent load 
shedding at the module level. We are planning to continue this 
effort by investigating failures that ripple through the secondary 
distribution and whose recovery requires cooperation between both 
systems. In the context of the control center environment we are 
not planning ar.y direct testbed links for the coming year. We want 
to study how to coordinate the entire power system operation using 
the control center environment. This will prepare us for real 
operational scenarios. 
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LeRC POWER MANAGEMENT AUTOMATION EVOLUTION 

When the Space Station program began, the electric power system was 
a 20kHz AC distribution system. Pioneering work had been done at 
LeRC in development of this technology. Many power system experts 
were available to provide the information required for intelligent 
control and diagnostic tools. Our program took advantage of these 
factors and developed a diagnostic tool in KEE for 20kHz switchgear 
which communicated with a scheduler for replanning usage after a 
system failure. These tools also communicated directly to prototype 
Ada flight code controlling 20 kHz switchgear. Development of 
these products and their integration has provided us with valuable 
insight into the problems that can occur. This work culminated in 
an integrated demonstration with a MSFC testbed over a long 
distance communication network. The products from this work are 
being modified to apply to the DC testbed configuration and will 
also be integrated into the power control center. 

Parallel efforts began when the Space Station program switched from 
20kHz AC to DC distribution. A diagnostic product using ART was 
developed along with a value-driven scheduler and the beginnings of 
the security analysis system. These products had been targeted for 
integration with the DC testbed directly as a demonstration of 
their potential use as flight decision-making aids. Due to the 
restructuring efforts and the current emphasis on ground-based 
control, we have reevaluated the thrust of our program. We are, 
however, continuing with integration of our products and the DC 
testbed directly. This serves as a preliminary step before 
integrating with the LeRC engineering support center, the ESC. We 
are developing the interfaces required to make an initial 
communication path between our advanced development machines and 
the testbed control computer using its current operator interface 
system protocol. Testbed work is very intense at the moment and 
this approach creates minimum impact on their efforts. We are also 
investigating the interfaces required for integration of the power 
system testbed and the ESC. The ESC will provide our advanced 
development products a rich environment of processed data and 
graphics interfaces. Our initial design features the advanced 
development machines communicating on a subnetwork and using one of 
the ESC machines for passing the data to and from our products. 
This minimizes the impacts on both the ESC and our program. After 
this interface has been developed and used to investigate testbed 
and automation product performances, we plan to generate specific 
application programs that would dirctly reside on the ESC 
processors . 
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IN A NUTSHELL 


In the ever changing environment of the Space Station program, 
power system management and control continue to be critical 
development items. Our advanced development program is focussed on 
developing decision-making aids for operators, either ground-based 
or flight-based. In the efforts to fully utilize electric power at 
all times, we need much automation. We are striving to provide 
automation tools which will allow the Station to flexibly and 
productively manage of one of its critical resources, energy. 

We are targeting our products for the ground-based control centers 
knowing that this is where they are heeded initially. Operating a 
Space Station will be a monumental effort and products to reduce 
the workload will prove themselves well worth their development 
cost. As Space Station develops, the need for these products will 
be onboard. We are prepared to continue our efforts and provide 
flight-quality products. 
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